DESCRIPTION: A vulnerability has been reported in the onGallery component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "id" parameter to index.php (when "option" is set to "com_ongallery" and "task" is set to "ft") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

NOTE: This can further be exploited to conduct cross-site scripting attacks via SQL error messages.

The vulnerability is reported in version 2.0.1. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.
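
The kind of fix the solution calls for, as an added example in plain PHP with PDO and an in-memory SQLite database (not onGallery's code): it validates "id" as an integer, binds it as a query parameter, keeps SQL error text out of the response, and encodes output. The table gallery_items, its columns and the function names are hypothetical, and the sample rows and inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the component's table; rows are constructed sample data.
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE gallery_items (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO gallery_items (id, title) VALUES (1, 'Harbour'), (2, '<b>Dunes</b>')");
    return $db;
}

// Returns the HTML fragment for the request's "id" value.
function renderItem(PDO $db, array $query): string
{
    // 1. Accept only a positive integer; anything else never reaches the database.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>Invalid item.</p>';
    }
    try {
        // 2. Bind the value instead of concatenating it into the SQL text.
        $stmt = $db->prepare('SELECT title FROM gallery_items WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $title = $stmt->fetchColumn();
    } catch (PDOException $e) {
        // 3. Log the database error server-side; never echo it into the page.
        error_log('gallery query failed: ' . $e->getMessage());
        return '<p>Item unavailable.</p>';
    }
    if ($title === false) {
        return '<p>Item not found.</p>';
    }
    // 4. Encode on output so markup in stored data is rendered as text.
    return '<h2>' . htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8') . '</h2>';
}

$db = makeDb();
foreach (['1', '2', '3', '1 OR 1=1', "1'", ''] as $sample) { // constructed inputs
    printf("%-12s => %s\n", var_export($sample, true), renderItem($db, ['id' => $sample]));
}
```

Steps 1 and 2 address the injection through "id"; steps 3 and 4 address the cross-site scripting path through SQL error messages described in the NOTE.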
